Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Trouble with Authentication #14

Closed
m-skolnick opened this issue Oct 24, 2022 · 4 comments
Closed

Trouble with Authentication #14

m-skolnick opened this issue Oct 24, 2022 · 4 comments

Comments

@m-skolnick
Copy link

m-skolnick commented Oct 24, 2022
edited
Loading

Hello, thanks for such a beautiful API.

TLDR: I can't authenticate with v3 apis. When I change URLs to v2, I can get it working, but not with v3.

I am having the same issue with curl commands.

Below is how I am using the client:

  Future<void> makeRequestWithClient({
    required String user,
    required String apiToken,
  }) async {
    final client = ApiClient.basicAuthentication(
      Uri.parse('https://jira.<my_company>.com'),
      user: user,
      apiToken: apiToken,
    );

    final jira = JiraPlatformApi(client);

    final metadata = await jira.issues.getCreateIssueMeta();
    _logger.info(metadata.toJson().toString());

    client.close();
  }

It looks like you're authenticating in the BasicAuthenticationClient like so:

echo -n my.email@company.com:api_token_string | base64

curl -D- \
   -X GET \
   -H "Authorization: Basic <auth_from_above>" \
   -H "Content-Type: application/json" \
   "https://jira.<my_company>.com/rest/api/3/issue/createmeta"

I get the same error in curl and Dart from above:

Error:

HTTP/2 401 
date: Mon, 24 Oct 2022 16:39:55 GMT
content-type: text/html;charset=UTF-8
set-cookie: <cookie>; Expires=Mon, 31 Oct 2022 16:39:54 GMT; Path=/
x-arequestid: 699x16297995x6
x-anodeid: Node-1
referrer-policy: strict-origin-when-cross-origin
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-seraph-loginreason: AUTHENTICATED_FAILED
www-authenticate: OAuth realm="https%3A%2F%2Fjira.<my_company>.com"
cf-cache-status: DYNAMIC
cf-request-id: 14ac7687360000aa07a6144000000001
set-cookie: AWSALBCORS=<cookie>; Expires=Mon, 31 Oct 2022 16:39:54 GMT; Path=/; SameSite=None; Secure
set-cookie: __cf_bm=<cookie>; path=/; expires=Mon, 24-Oct-22 17:09:55 GMT; domain=.<my_company>.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 75f426b84c8aaa07-DFW

<html>

<head>
    <title>Unauthorized (401)</title>
...

However, if I:

  1. Edit the url to be v2 instead of v3
    rest/api/3/issue/createmeta -> rest/api/2/issue/createmeta
  2. Use a bearer auth header
  3. everything works as expected
  Future<void> makeRequestWithClient({
    required String user,
    required String apiToken,
  }) async {
    final client = ApiClient(
      Uri.parse('https://jira.<my_company>.com'),
      _BasicAuthClient(
        http.Client(),
        apiToken: apiToken,
      ),
    );

    final jira = JiraPlatformApi(client);

    final metadata = await jira.issues.getCreateIssueMeta();
    _logger.info(metadata.toJson().toString());

    client.close();
  }



class _BasicAuthClient extends http.BaseClient {
  final http.Client innerClient;
  final String apiToken;

  _BasicAuthClient(this.innerClient, {required this.apiToken});

  @override
  Future<http.StreamedResponse> send(http.BaseRequest request) {
    request.headers['Authorization'] = 'Bearer $apiToken';
    return innerClient.send(request);
  }

  @override
  void close() {
    innerClient.close();
    super.close();
  }
}

Curl also works with api v2:

curl -D- \
   -X GET \
   -H "Authorization: Bearer <my_api_token>" \
   -H "Content-Type: application/json" \
   "https://jira.<my_company>.com/rest/api/2/issue/createmeta"

Any advice would be greatly appreciated.
@xvrh
Copy link
Owner

xvrh commented Oct 24, 2022

Hello @m-skolnick,
This library is only tested with the "Cloud version" of Atlassian products (url like "your-company.atlassian.net").

It seems you may be trying to use it with the legacy "server" mode? Which probably is an old version of the http API with a different authentication method...
I think you may want to try to get the OpenAPI/Swagger schema for your version of Jira and re-generate a dart client...

@m-skolnick
Copy link
Author

I think you're right. I haven't had any issues with the API found here: https://developer.atlassian.com/cloud/jira/platform/rest/v2/intro/

If I do get it generated, would you like me to put a PR back into this repo to allow the user to choose between v2 or v3?

@xvrh
Copy link
Owner

xvrh commented Oct 24, 2022

would you like me to put a PR back into this repo to allow the user to choose between v2 or v3?

If you find the openapi files for those v2 apis and it works directly with the generator in this package, then yes why not. We can add them as lib/confluence_legacy_v2.dart (or something like that).

I suspect it will be a bit more complex. You may find some old swagger schemas and that would require some big changes in the generator. In that case, maintaining it in a new package will be simpler...

@m-skolnick
Copy link
Author

Sounds good. I'll give it a shot when I get a chance. Thanks for your time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@xvrh @m-skolnick